security

Anything you want!
Locked
vipernw
Posts: 2
Joined: Mon Feb 23, 2004 7:45 pm

security

Post by vipernw » Mon Feb 23, 2004 7:52 pm

how secure is this ftp software?

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Post by Serin » Wed Feb 25, 2004 3:40 pm

There are currently no known vulnerabilities or exploits. Do you have a more specific question?

vipernw
Posts: 2
Joined: Mon Feb 23, 2004 7:45 pm

security

Post by vipernw » Wed Feb 25, 2004 4:06 pm

thanks for your reply. i'm evaluating the ftp server as a means for people where i work to get large files home to work on and then back to the office. with the limited testing i've done, the server works great. i would like to be able to assure my boss that our server is not vulnerable. thanks again.

Ninjak2k
Posts: 1
Joined: Thu Apr 29, 2004 10:33 am
Location: Blacksburg, VA (VA Tech)
Contact:

FTP is not secure

Post by Ninjak2k » Thu Apr 29, 2004 10:41 am

FTP is a cleartext protocol and the user name and password are sent in the clear. Anyone on your subnet or on a network between you and the server could see your transmissions. Once they have a valid user name and password, they too can log into your server. Wireless connections are the worst in that anyone in range can see your transmissions. A switched network won't solve your problems either - ARP spoofing can poison a switch.

Just something you should be aware/paranoid of. A semester of Computer and Network security has taught me that.

~Dan

User avatar
otsoroke
Senior User
Posts: 191
Joined: Sat Mar 06, 2004 6:48 pm
Location: Vancouver, British Columbia - Canada
Contact:

Post by otsoroke » Thu Apr 29, 2004 11:32 am

To view plain text packets on a local network, you need a simple, and easy to acquire packet sniffing utility. Ninja2k is very correct in his concerns regarding the security of this method of user login.. In most cases, e-mail and other software ports also have the same issue.

I have been successful in increasing my security and reducing plain text transmissions using ssh tunneling. Unfortunately, if you run a public FTP server, you are vulnerable to the plain text transmission.

Owen

mebbert
New User
Posts: 3
Joined: Thu Dec 08, 2005 11:40 am

Post by mebbert » Thu Dec 08, 2005 12:21 pm

So, if I am at school and I access my ftp site at home, every network between me and my home computer can sniff out my username and password? Can I change that?

Thanks!

Locked